VanDyke Software

Security Advisory

RSA BSAFE Crypto-C Micro Edition vulnerabilities (CVE-2019-3728 and CVE-2019-3733) and VanDyke VShell Server for Windows

Risk assessment: Medium-High (see below)


Posted: April 26, 2022

Description

The VanDyke VShell Server for Windows uses RSA BSAFE Crypto-C Micro Edition for cryptography.

(CVE-2019-3728) Versions of RSA BSAFE Crypto-C Micro Edition prior to 4.1.4 are vulnerable to a Buffer Over-read vulnerability when processing DSA signatures. A malicious remote user could potentially exploit this vulnerability to cause VShell to crash, leading to a denial of service. [High severity]

(CVE-2019-3733) Versions of RSA BSAFE Crypto-C Micro Edition prior to 4.1.4 are vulnerable to three Improper Clearing of Heap Memory Before Release vulnerabilities, also known as “Heap Inspection vulnerabilities”. A malicious remote user could potentially exploit these vulnerabilities to extract information, leaving data at risk of exposure. [Medium severity]

Products Not Affected

  • VShell 4.7 and newer versions for Windows
  • VShell for macOS and Linux

Products Affected

  • VShell 4.6.3 and earlier versions for Windows

Recommended Solution

Upgrade to VShell 4.7 or newer versions for Windows

Vulnerability Fix Downloads

Official Postings

https://nvd.nist.gov/vuln/detail/CVE-2019-3728

https://nvd.nist.gov/vuln/detail/CVE-2019-3733

Revision History

April 26, 2022 – Security Advisory Published